Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smart PC Cleaner Rogue Antispyware


  • Please log in to reply
8 replies to this topic

#1 delandelan

delandelan

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 23 April 2012 - 11:39 PM

Hi

I just noticed on my parent's laptop that they have had a program install itself called Smart Pc Cleaner and I think it is a rogue malware cleaner. The same day a new program called Expert PDF reader 7 was installed.

This is a windows vista pc.

Please help me safely remove this program. This laptop has Avira antivir and Norton 360 running at the same time. I am sure they are not working properly. I am reluctant to do anything. Something similar happened to my girlfriend's pc with a different kind of rogue malware cleaner and it deleted all her programs from the start menu.

Regards,
Delan

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:50 AM

Posted 24 April 2012 - 10:07 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)


Please download GMER from here(doesnot work on 64 bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here

#3 delandelan

delandelan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 29 April 2012 - 11:10 PM

Hi thanks for responding, I forgot to mention that the other program that installed at the same time is called Expert PDF viewer

Here is the log for TDSSKiller. GMER did not post a log so I am retrying it. I still have not installed the third file. I will post that log tomorrow after rescanning with GMER


20:18:20.0438 5748 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
20:18:21.0949 5748 ============================================================
20:18:21.0949 5748 Current date / time: 2012/04/29 20:18:21.0949
20:18:21.0949 5748 SystemInfo:
20:18:21.0949 5748
20:18:21.0949 5748 OS Version: 6.0.6002 ServicePack: 2.0
20:18:21.0949 5748 Product type: Workstation
20:18:21.0950 5748 ComputerName: OWNER-PC
20:18:21.0950 5748 UserName: Owner
20:18:21.0950 5748 Windows directory: C:\Windows
20:18:21.0950 5748 System windows directory: C:\Windows
20:18:21.0950 5748 Processor architecture: Intel x86
20:18:21.0950 5748 Number of processors: 2
20:18:21.0950 5748 Page size: 0x1000
20:18:21.0950 5748 Boot type: Normal boot
20:18:21.0950 5748 ============================================================
20:18:24.0210 5748 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:18:24.0286 5748 ============================================================
20:18:24.0286 5748 \Device\Harddisk0\DR0:
20:18:24.0287 5748 MBR partitions:
20:18:24.0287 5748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x16702800
20:18:24.0287 5748 ============================================================
20:18:24.0342 5748 C: <-> \Device\Harddisk0\DR0\Partition0
20:18:24.0343 5748 ============================================================
20:18:24.0343 5748 Initialize success
20:18:24.0343 5748 ============================================================
20:18:31.0037 6652 ============================================================
20:18:31.0037 6652 Scan started
20:18:31.0037 6652 Mode: Manual;
20:18:31.0037 6652 ============================================================
20:18:33.0509 6652 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:18:33.0554 6652 ACPI - ok
20:18:33.0611 6652 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
20:18:33.0646 6652 adfs - ok
20:18:33.0739 6652 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:18:33.0792 6652 adp94xx - ok
20:18:33.0866 6652 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:18:33.0926 6652 adpahci - ok
20:18:33.0964 6652 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:18:34.0012 6652 adpu160m - ok
20:18:34.0056 6652 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:18:34.0112 6652 adpu320 - ok
20:18:34.0164 6652 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:18:34.0166 6652 AeLookupSvc - ok
20:18:34.0228 6652 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:18:34.0246 6652 AFD - ok
20:18:34.0283 6652 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
20:18:34.0316 6652 AgereModemAudio - ok
20:18:34.0465 6652 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
20:18:34.0606 6652 AgereSoftModem - ok
20:18:34.0683 6652 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:18:34.0734 6652 agp440 - ok
20:18:34.0761 6652 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:18:34.0794 6652 aic78xx - ok
20:18:35.0317 6652 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
20:18:35.0317 6652 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
20:18:35.0334 6652 Akamai ( HiddenFile.Multi.Generic ) - warning
20:18:35.0334 6652 Akamai - detected HiddenFile.Multi.Generic (1)
20:18:35.0529 6652 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:18:35.0568 6652 ALG - ok
20:18:35.0630 6652 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:18:35.0660 6652 aliide - ok
20:18:35.0711 6652 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:18:35.0750 6652 amdagp - ok
20:18:35.0782 6652 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:18:35.0821 6652 amdide - ok
20:18:35.0848 6652 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:18:35.0881 6652 AmdK7 - ok
20:18:35.0907 6652 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:18:35.0915 6652 AmdK8 - ok
20:18:36.0017 6652 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:18:36.0019 6652 AntiVirSchedulerService - ok
20:18:36.0075 6652 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:18:36.0080 6652 AntiVirService - ok
20:18:36.0148 6652 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:18:36.0150 6652 Appinfo - ok
20:18:36.0243 6652 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:18:36.0300 6652 Apple Mobile Device - ok
20:18:36.0396 6652 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:18:36.0432 6652 arc - ok
20:18:36.0485 6652 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:18:36.0493 6652 arcsas - ok
20:18:36.0547 6652 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:18:36.0581 6652 AsyncMac - ok
20:18:36.0629 6652 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:18:36.0666 6652 atapi - ok
20:18:36.0738 6652 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:18:36.0744 6652 AudioEndpointBuilder - ok
20:18:36.0751 6652 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:18:36.0756 6652 Audiosrv - ok
20:18:36.0797 6652 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
20:18:36.0829 6652 avgntflt - ok
20:18:36.0910 6652 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
20:18:36.0954 6652 avipbb - ok
20:18:37.0016 6652 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:18:37.0053 6652 Beep - ok
20:18:37.0133 6652 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:18:37.0142 6652 BFE - ok
20:18:37.0358 6652 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120413.001\BHDrvx86.sys
20:18:37.0384 6652 BHDrvx86 - ok
20:18:37.0486 6652 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:18:37.0541 6652 BITS - ok
20:18:37.0580 6652 blbdrive - ok
20:18:37.0690 6652 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
20:18:37.0734 6652 Bonjour Service - ok
20:18:37.0774 6652 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:18:37.0807 6652 bowser - ok
20:18:37.0851 6652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:18:37.0896 6652 BrFiltLo - ok
20:18:37.0930 6652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:18:37.0937 6652 BrFiltUp - ok
20:18:37.0974 6652 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:18:38.0015 6652 Browser - ok
20:18:38.0068 6652 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:18:38.0103 6652 Brserid - ok
20:18:38.0130 6652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:18:38.0138 6652 BrSerWdm - ok
20:18:38.0159 6652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:18:38.0191 6652 BrUsbMdm - ok
20:18:38.0228 6652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:18:38.0233 6652 BrUsbSer - ok
20:18:38.0322 6652 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
20:18:38.0368 6652 BrYNSvc - ok
20:18:38.0415 6652 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:18:38.0452 6652 BTHMODEM - ok
20:18:38.0571 6652 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0602000.009\ccSetx86.sys
20:18:38.0605 6652 ccSet_N360 - ok
20:18:38.0627 6652 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:18:38.0676 6652 cdfs - ok
20:18:38.0733 6652 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:18:38.0764 6652 cdrom - ok
20:18:38.0820 6652 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:18:38.0821 6652 CertPropSvc - ok
20:18:38.0888 6652 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
20:18:38.0937 6652 CFSvcs - ok
20:18:38.0994 6652 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:18:39.0028 6652 circlass - ok
20:18:39.0091 6652 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:18:39.0130 6652 CLFS - ok
20:18:39.0231 6652 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:18:39.0268 6652 clr_optimization_v2.0.50727_32 - ok
20:18:39.0374 6652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:18:39.0449 6652 clr_optimization_v4.0.30319_32 - ok
20:18:39.0506 6652 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:18:39.0541 6652 CmBatt - ok
20:18:39.0595 6652 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:18:39.0622 6652 cmdide - ok
20:18:39.0652 6652 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:18:39.0687 6652 Compbatt - ok
20:18:39.0692 6652 COMSysApp - ok
20:18:39.0702 6652 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:18:39.0718 6652 crcdisk - ok
20:18:39.0747 6652 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:18:39.0754 6652 Crusoe - ok
20:18:39.0811 6652 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:18:39.0815 6652 CryptSvc - ok
20:18:39.0921 6652 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:18:39.0936 6652 DcomLaunch - ok
20:18:39.0983 6652 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:18:40.0014 6652 DfsC - ok
20:18:40.0205 6652 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:18:40.0313 6652 DFSR - ok
20:18:40.0494 6652 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:18:40.0499 6652 Dhcp - ok
20:18:40.0551 6652 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:18:40.0590 6652 disk - ok
20:18:40.0626 6652 dlbk_device - ok
20:18:40.0669 6652 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:18:40.0672 6652 Dnscache - ok
20:18:40.0715 6652 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:18:40.0769 6652 dot3svc - ok
20:18:40.0829 6652 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:18:40.0833 6652 DPS - ok
20:18:40.0861 6652 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:18:40.0895 6652 drmkaud - ok
20:18:40.0982 6652 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:18:41.0011 6652 DXGKrnl - ok
20:18:41.0063 6652 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:18:41.0094 6652 E1G60 - ok
20:18:41.0154 6652 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:18:41.0157 6652 EapHost - ok
20:18:41.0210 6652 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:18:41.0265 6652 Ecache - ok
20:18:41.0385 6652 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:18:41.0411 6652 eeCtrl - ok
20:18:41.0480 6652 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:18:41.0530 6652 ehRecvr - ok
20:18:41.0581 6652 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:18:41.0623 6652 ehSched - ok
20:18:41.0653 6652 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:18:41.0691 6652 ehstart - ok
20:18:41.0770 6652 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:18:41.0809 6652 elxstor - ok
20:18:41.0901 6652 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:18:41.0914 6652 EMDMgmt - ok
20:18:42.0001 6652 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:18:42.0016 6652 EraserUtilRebootDrv - ok
20:18:42.0087 6652 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:18:42.0095 6652 EventSystem - ok
20:18:42.0222 6652 EvtEng (298c8f404968a600d1c298d43783bdb8) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:18:42.0282 6652 EvtEng - ok
20:18:42.0374 6652 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:18:42.0407 6652 exfat - ok
20:18:42.0463 6652 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:18:42.0510 6652 fastfat - ok
20:18:42.0563 6652 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:18:42.0602 6652 fdc - ok
20:18:42.0648 6652 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:18:42.0674 6652 fdPHost - ok
20:18:42.0707 6652 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:18:42.0746 6652 FDResPub - ok
20:18:42.0795 6652 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:18:42.0832 6652 FileInfo - ok
20:18:42.0878 6652 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:18:42.0911 6652 Filetrace - ok
20:18:43.0025 6652 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:18:43.0083 6652 FLEXnet Licensing Service - ok
20:18:43.0162 6652 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:18:43.0193 6652 flpydisk - ok
20:18:43.0243 6652 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:18:43.0287 6652 FltMgr - ok
20:18:43.0414 6652 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:18:43.0481 6652 FontCache - ok
20:18:43.0559 6652 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:18:43.0614 6652 FontCache3.0.0.0 - ok
20:18:43.0649 6652 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:18:43.0682 6652 Fs_Rec - ok
20:18:43.0736 6652 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:18:43.0771 6652 gagp30kx - ok
20:18:43.0823 6652 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:18:43.0859 6652 GEARAspiWDM - ok
20:18:43.0973 6652 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:18:44.0036 6652 gpsvc - ok
20:18:44.0185 6652 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:18:44.0189 6652 gupdate - ok
20:18:44.0219 6652 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:18:44.0222 6652 gupdatem - ok
20:18:44.0284 6652 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:18:44.0329 6652 gusvc - ok
20:18:44.0419 6652 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:18:44.0451 6652 HdAudAddService - ok
20:18:44.0530 6652 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:18:44.0577 6652 HDAudBus - ok
20:18:44.0611 6652 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:18:44.0618 6652 HidBth - ok
20:18:44.0646 6652 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:18:44.0653 6652 HidIr - ok
20:18:44.0688 6652 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:18:44.0690 6652 hidserv - ok
20:18:44.0709 6652 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:18:44.0715 6652 HidUsb - ok
20:18:44.0754 6652 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:18:44.0758 6652 hkmsvc - ok
20:18:44.0832 6652 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:18:44.0876 6652 HpCISSs - ok
20:18:44.0950 6652 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:18:45.0001 6652 HTTP - ok
20:18:45.0035 6652 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:18:45.0083 6652 i2omp - ok
20:18:45.0141 6652 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:18:45.0150 6652 i8042prt - ok
20:18:45.0214 6652 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
20:18:45.0216 6652 iaStor - ok
20:18:45.0265 6652 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:18:45.0313 6652 iaStorV - ok
20:18:45.0508 6652 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:18:45.0623 6652 idsvc - ok
20:18:45.0854 6652 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120427.001\IDSvix86.sys
20:18:45.0862 6652 IDSVix86 - ok
20:18:46.0228 6652 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:18:46.0331 6652 igfx - ok
20:18:46.0511 6652 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:18:46.0552 6652 iirsp - ok
20:18:46.0637 6652 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:18:46.0649 6652 IKEEXT - ok
20:18:46.0920 6652 IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
20:18:47.0019 6652 IntcAzAudAddService - ok
20:18:47.0200 6652 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:18:47.0245 6652 intelide - ok
20:18:47.0292 6652 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:18:47.0330 6652 intelppm - ok
20:18:47.0389 6652 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:18:47.0404 6652 IPBusEnum - ok
20:18:47.0433 6652 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:18:47.0482 6652 IpFilterDriver - ok
20:18:47.0539 6652 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:18:47.0547 6652 iphlpsvc - ok
20:18:47.0553 6652 IpInIp - ok
20:18:47.0592 6652 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:18:47.0644 6652 IPMIDRV - ok
20:18:47.0691 6652 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:18:47.0739 6652 IPNAT - ok
20:18:47.0866 6652 iPod Service (630d74599070824af3dc63a894adcdfc) C:\Program Files\iPod\bin\iPodService.exe
20:18:47.0917 6652 iPod Service - ok
20:18:47.0956 6652 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:18:47.0962 6652 IRENUM - ok
20:18:48.0007 6652 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
20:18:48.0056 6652 isapnp - ok
20:18:48.0110 6652 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:18:48.0151 6652 iScsiPrt - ok
20:18:48.0173 6652 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:18:48.0181 6652 iteatapi - ok
20:18:48.0200 6652 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:18:48.0225 6652 iteraid - ok
20:18:48.0272 6652 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:18:48.0306 6652 kbdclass - ok
20:18:48.0341 6652 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:18:48.0368 6652 kbdhid - ok
20:18:48.0414 6652 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:18:48.0416 6652 KeyIso - ok
20:18:48.0456 6652 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:18:48.0520 6652 KSecDD - ok
20:18:48.0603 6652 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:18:48.0612 6652 KtmRm - ok
20:18:48.0640 6652 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:18:48.0646 6652 LanmanServer - ok
20:18:48.0713 6652 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:18:48.0720 6652 LanmanWorkstation - ok
20:18:48.0778 6652 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:18:48.0836 6652 lltdio - ok
20:18:48.0896 6652 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:18:48.0936 6652 lltdsvc - ok
20:18:48.0981 6652 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:18:48.0985 6652 lmhosts - ok
20:18:49.0028 6652 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
20:18:49.0062 6652 LPCFilter - ok
20:18:49.0099 6652 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:18:49.0111 6652 LSI_FC - ok
20:18:49.0138 6652 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:18:49.0175 6652 LSI_SAS - ok
20:18:49.0206 6652 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:18:49.0218 6652 LSI_SCSI - ok
20:18:49.0259 6652 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:18:49.0299 6652 luafv - ok
20:18:49.0343 6652 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\Windows\system32\drivers\mbamswissarmy.sys
20:18:49.0385 6652 MBAMSwissArmy - ok
20:18:49.0487 6652 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:18:49.0544 6652 McComponentHostService - ok
20:18:49.0600 6652 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:18:49.0672 6652 Mcx2Svc - ok
20:18:49.0744 6652 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:18:49.0779 6652 megasas - ok
20:18:49.0819 6652 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:18:49.0824 6652 MMCSS - ok
20:18:49.0885 6652 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:18:49.0894 6652 Modem - ok
20:18:49.0931 6652 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:18:49.0969 6652 monitor - ok
20:18:50.0012 6652 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:18:50.0050 6652 mouclass - ok
20:18:50.0077 6652 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:18:50.0111 6652 mouhid - ok
20:18:50.0161 6652 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:18:50.0195 6652 MountMgr - ok
20:18:50.0240 6652 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:18:50.0278 6652 mpio - ok
20:18:50.0321 6652 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:18:50.0363 6652 mpsdrv - ok
20:18:50.0446 6652 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:18:50.0459 6652 MpsSvc - ok
20:18:50.0501 6652 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:18:50.0545 6652 Mraid35x - ok
20:18:50.0590 6652 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:18:50.0632 6652 MRxDAV - ok
20:18:50.0675 6652 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:18:50.0685 6652 mrxsmb - ok
20:18:50.0725 6652 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:18:50.0766 6652 mrxsmb10 - ok
20:18:50.0777 6652 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:18:50.0801 6652 mrxsmb20 - ok
20:18:50.0843 6652 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
20:18:50.0883 6652 msahci - ok
20:18:50.0915 6652 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:18:50.0943 6652 msdsm - ok
20:18:51.0004 6652 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:18:51.0051 6652 MSDTC - ok
20:18:51.0086 6652 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:18:51.0121 6652 Msfs - ok
20:18:51.0161 6652 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:18:51.0202 6652 msisadrv - ok
20:18:51.0263 6652 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:18:51.0304 6652 MSiSCSI - ok
20:18:51.0311 6652 msiserver - ok
20:18:51.0361 6652 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:18:51.0392 6652 MSKSSRV - ok
20:18:51.0435 6652 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:18:51.0468 6652 MSPCLOCK - ok
20:18:51.0494 6652 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:18:51.0499 6652 MSPQM - ok
20:18:51.0538 6652 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:18:51.0576 6652 MsRPC - ok
20:18:51.0625 6652 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:18:51.0632 6652 mssmbios - ok
20:18:51.0665 6652 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:18:51.0704 6652 MSTEE - ok
20:18:51.0739 6652 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:18:51.0777 6652 Mup - ok
20:18:51.0927 6652 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
20:18:51.0964 6652 N360 - ok
20:18:52.0023 6652 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:18:52.0032 6652 napagent - ok
20:18:52.0104 6652 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:18:52.0160 6652 NativeWifiP - ok
20:18:52.0355 6652 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120428.016\NAVENG.SYS
20:18:52.0388 6652 NAVENG - ok
20:18:52.0577 6652 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120428.016\NAVEX15.SYS
20:18:52.0616 6652 NAVEX15 - ok
20:18:52.0880 6652 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:18:52.0950 6652 NDIS - ok
20:18:52.0991 6652 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:18:53.0022 6652 NdisTapi - ok
20:18:53.0064 6652 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:18:53.0098 6652 Ndisuio - ok
20:18:53.0159 6652 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:18:53.0195 6652 NdisWan - ok
20:18:53.0235 6652 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:18:53.0266 6652 NDProxy - ok
20:18:53.0301 6652 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:18:53.0333 6652 NetBIOS - ok
20:18:53.0404 6652 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:18:53.0425 6652 netbt - ok
20:18:53.0458 6652 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:18:53.0462 6652 Netlogon - ok
20:18:53.0516 6652 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:18:53.0527 6652 Netman - ok
20:18:53.0578 6652 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:18:53.0588 6652 netprofm - ok
20:18:53.0666 6652 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:18:53.0688 6652 NetTcpPortSharing - ok
20:18:53.0859 6652 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
20:18:53.0939 6652 NETw3v32 - ok
20:18:54.0287 6652 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:18:54.0450 6652 NETw4v32 - ok
20:18:54.0655 6652 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:18:54.0705 6652 nfrd960 - ok
20:18:54.0766 6652 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:18:54.0774 6652 NlaSvc - ok
20:18:54.0824 6652 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:18:54.0862 6652 Npfs - ok
20:18:54.0896 6652 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:18:54.0900 6652 nsi - ok
20:18:54.0927 6652 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:18:54.0965 6652 nsiproxy - ok
20:18:55.0119 6652 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:18:55.0200 6652 Ntfs - ok
20:18:55.0251 6652 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:18:55.0280 6652 ntrigdigi - ok
20:18:55.0327 6652 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:18:55.0357 6652 Null - ok
20:18:55.0400 6652 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:18:55.0448 6652 nvraid - ok
20:18:55.0478 6652 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:18:55.0488 6652 nvstor - ok
20:18:55.0534 6652 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:18:55.0568 6652 nv_agp - ok
20:18:55.0573 6652 NwlnkFlt - ok
20:18:55.0581 6652 NwlnkFwd - ok
20:18:55.0653 6652 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:18:55.0662 6652 ohci1394 - ok
20:18:55.0729 6652 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:18:55.0796 6652 p2pimsvc - ok
20:18:55.0807 6652 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:18:55.0815 6652 p2psvc - ok
20:18:55.0854 6652 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:18:55.0888 6652 Parport - ok
20:18:55.0933 6652 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:18:55.0942 6652 partmgr - ok
20:18:55.0955 6652 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:18:55.0985 6652 Parvdm - ok
20:18:56.0025 6652 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:18:56.0029 6652 PcaSvc - ok
20:18:56.0059 6652 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:18:56.0107 6652 pci - ok
20:18:56.0154 6652 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
20:18:56.0202 6652 pciide - ok
20:18:56.0248 6652 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
20:18:56.0321 6652 pcmcia - ok
20:18:56.0447 6652 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:18:56.0518 6652 PEAUTH - ok
20:18:56.0688 6652 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:18:56.0734 6652 pla - ok
20:18:56.0876 6652 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:18:56.0887 6652 PlugPlay - ok
20:18:56.0965 6652 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:18:56.0973 6652 PNRPAutoReg - ok
20:18:56.0983 6652 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:18:56.0991 6652 PNRPsvc - ok
20:18:57.0043 6652 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:18:57.0086 6652 PolicyAgent - ok
20:18:57.0157 6652 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:18:57.0190 6652 PptpMiniport - ok
20:18:57.0235 6652 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:18:57.0266 6652 Processor - ok
20:18:57.0322 6652 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:18:57.0328 6652 ProfSvc - ok
20:18:57.0358 6652 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:18:57.0361 6652 ProtectedStorage - ok
20:18:57.0390 6652 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:18:57.0392 6652 PSched - ok
20:18:57.0490 6652 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:18:57.0562 6652 ql2300 - ok
20:18:57.0604 6652 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:18:57.0638 6652 ql40xx - ok
20:18:57.0713 6652 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:18:57.0728 6652 QWAVE - ok
20:18:57.0772 6652 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:18:57.0773 6652 QWAVEdrv - ok
20:18:57.0802 6652 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:18:57.0837 6652 RasAcd - ok
20:18:57.0887 6652 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:18:57.0925 6652 RasAuto - ok
20:18:57.0971 6652 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:18:58.0003 6652 Rasl2tp - ok
20:18:58.0063 6652 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:18:58.0132 6652 RasMan - ok
20:18:58.0177 6652 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:18:58.0185 6652 RasPppoe - ok
20:18:58.0204 6652 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:18:58.0258 6652 RasSstp - ok
20:18:58.0316 6652 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:18:58.0358 6652 rdbss - ok
20:18:58.0394 6652 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:18:58.0435 6652 RDPCDD - ok
20:18:58.0511 6652 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:18:58.0528 6652 rdpdr - ok
20:18:58.0535 6652 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:18:58.0567 6652 RDPENCDD - ok
20:18:58.0621 6652 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
20:18:58.0740 6652 RDPWD - ok
20:18:58.0862 6652 RegSrvc (83a5d92ace4465c667d1d55fcdab2658) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:18:58.0920 6652 RegSrvc - ok
20:18:58.0985 6652 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:18:59.0036 6652 RemoteAccess - ok
20:18:59.0091 6652 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:18:59.0125 6652 RemoteRegistry - ok
20:18:59.0169 6652 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:18:59.0208 6652 RpcLocator - ok
20:18:59.0298 6652 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
20:18:59.0305 6652 RpcSs - ok
20:18:59.0354 6652 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:18:59.0387 6652 rspndr - ok
20:18:59.0430 6652 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:18:59.0461 6652 RTL8169 - ok
20:18:59.0502 6652 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:18:59.0506 6652 SamSs - ok
20:18:59.0544 6652 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:18:59.0554 6652 sbp2port - ok
20:18:59.0596 6652 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:18:59.0609 6652 SCardSvr - ok
20:18:59.0654 6652 SCDEmu (ee7a1b6e155258288d99be61190e1112) C:\Windows\system32\drivers\SCDEmu.sys
20:18:59.0717 6652 SCDEmu - ok
20:18:59.0803 6652 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:18:59.0819 6652 Schedule - ok
20:18:59.0864 6652 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:18:59.0866 6652 SCPolicySvc - ok
20:18:59.0917 6652 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:18:59.0962 6652 sdbus - ok
20:19:00.0137 6652 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:19:00.0153 6652 SDRSVC - ok
20:19:00.0192 6652 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:19:00.0224 6652 secdrv - ok
20:19:00.0311 6652 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:19:00.0337 6652 seclogon - ok
20:19:00.0490 6652 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:19:00.0497 6652 SENS - ok
20:19:00.0538 6652 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:19:00.0618 6652 Serenum - ok
20:19:00.0718 6652 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:19:00.0758 6652 Serial - ok
20:19:00.0850 6652 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:19:00.0887 6652 sermouse - ok
20:19:00.0962 6652 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:19:00.0969 6652 SessionEnv - ok
20:19:01.0027 6652 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:19:01.0064 6652 sffdisk - ok
20:19:01.0110 6652 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:19:01.0145 6652 sffp_mmc - ok
20:19:01.0181 6652 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:19:01.0187 6652 sffp_sd - ok
20:19:01.0214 6652 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:19:01.0220 6652 sfloppy - ok
20:19:01.0256 6652 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:19:01.0296 6652 SharedAccess - ok
20:19:01.0357 6652 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:19:01.0365 6652 ShellHWDetection - ok
20:19:01.0396 6652 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:19:01.0428 6652 sisagp - ok
20:19:01.0468 6652 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:19:01.0517 6652 SiSRaid2 - ok
20:19:01.0556 6652 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:19:01.0565 6652 SiSRaid4 - ok
20:19:02.0134 6652 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:19:02.0471 6652 slsvc - ok
20:19:02.0752 6652 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:19:02.0819 6652 SLUINotify - ok
20:19:02.0899 6652 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:19:02.0910 6652 Smb - ok
20:19:02.0959 6652 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:19:02.0965 6652 SNMPTRAP - ok
20:19:03.0001 6652 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:19:03.0045 6652 spldr - ok
20:19:03.0104 6652 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:19:03.0153 6652 Spooler - ok
20:19:03.0273 6652 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\Windows\System32\Drivers\N360\0601020.00A\SRTSP.SYS
20:19:03.0308 6652 SRTSP - ok
20:19:03.0390 6652 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602000.009\SRTSPX.SYS
20:19:03.0435 6652 SRTSPX - ok
20:19:03.0545 6652 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:19:03.0570 6652 srv - ok
20:19:03.0617 6652 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:19:03.0665 6652 srv2 - ok
20:19:03.0708 6652 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:19:03.0764 6652 srvnet - ok
20:19:03.0826 6652 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:19:03.0872 6652 SSDPSRV - ok
20:19:03.0914 6652 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:19:03.0950 6652 ssmdrv - ok
20:19:04.0017 6652 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:19:04.0025 6652 SstpSvc - ok
20:19:04.0118 6652 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:19:04.0147 6652 stisvc - ok
20:19:04.0177 6652 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:19:04.0227 6652 swenum - ok
20:19:04.0294 6652 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:19:04.0311 6652 swprv - ok
20:19:04.0344 6652 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:19:04.0370 6652 Symc8xx - ok
20:19:04.0500 6652 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602000.009\SYMDS.SYS
20:19:04.0543 6652 SymDS - ok
20:19:04.0710 6652 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602000.009\SYMEFA.SYS
20:19:04.0750 6652 SymEFA - ok
20:19:04.0795 6652 SymEvent (555fb450fe6908600310e990738b41d6) C:\Windows\system32\Drivers\SYMEVENT.SYS
20:19:04.0838 6652 SymEvent - ok
20:19:04.0903 6652 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602000.009\Ironx86.SYS
20:19:04.0943 6652 SymIRON - ok
20:19:05.0048 6652 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\N360\0601020.00A\SYMTDIV.SYS
20:19:05.0066 6652 SYMTDIv - ok
20:19:05.0101 6652 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:19:05.0108 6652 Sym_hi - ok
20:19:05.0126 6652 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:19:05.0175 6652 Sym_u3 - ok
20:19:05.0233 6652 SynTP (ac4459d34f22b52feb6e619746ff6bd4) C:\Windows\system32\DRIVERS\SynTP.sys
20:19:05.0276 6652 SynTP - ok
20:19:05.0349 6652 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:19:05.0374 6652 SysMain - ok
20:19:05.0404 6652 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:19:05.0461 6652 TabletInputService - ok
20:19:05.0524 6652 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:19:05.0574 6652 TapiSrv - ok
20:19:05.0624 6652 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:19:05.0664 6652 TBS - ok
20:19:05.0808 6652 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:19:05.0882 6652 Tcpip - ok
20:19:05.0932 6652 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:19:05.0940 6652 Tcpip6 - ok
20:19:05.0999 6652 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:19:06.0029 6652 tcpipreg - ok
20:19:06.0085 6652 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:19:06.0115 6652 tdcmdpst - ok
20:19:06.0148 6652 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:19:06.0188 6652 TDPIPE - ok
20:19:06.0214 6652 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:19:06.0240 6652 TDTCP - ok
20:19:06.0289 6652 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:19:06.0325 6652 tdx - ok
20:19:06.0367 6652 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:19:06.0407 6652 TermDD - ok
20:19:06.0487 6652 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:19:06.0504 6652 TermService - ok
20:19:06.0557 6652 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:19:06.0562 6652 Themes - ok
20:19:06.0595 6652 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:19:06.0598 6652 THREADORDER - ok
20:19:06.0657 6652 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
20:19:06.0672 6652 tifm21 - ok
20:19:06.0746 6652 TNaviSrv (b351aa72eae95c4447a3c5329977f064) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
20:19:06.0778 6652 TNaviSrv - ok
20:19:06.0834 6652 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
20:19:06.0886 6652 TODDSrv - ok
20:19:06.0969 6652 TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:19:07.0079 6652 TosCoSrv - ok
20:19:07.0141 6652 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
20:19:07.0182 6652 tos_sps32 - ok
20:19:07.0228 6652 TpChoice - ok
20:19:07.0267 6652 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:19:07.0273 6652 TrkWks - ok
20:19:07.0322 6652 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:19:07.0362 6652 TrustedInstaller - ok
20:19:07.0409 6652 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:19:07.0458 6652 tssecsrv - ok
20:19:07.0534 6652 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:19:07.0553 6652 tunmp - ok
20:19:07.0585 6652 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:19:07.0618 6652 tunnel - ok
20:19:07.0662 6652 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:19:07.0696 6652 TVALZ - ok
20:19:07.0748 6652 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:19:07.0782 6652 uagp35 - ok
20:19:07.0850 6652 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:19:07.0868 6652 udfs - ok
20:19:07.0925 6652 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:19:07.0970 6652 UI0Detect - ok
20:19:08.0076 6652 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
20:19:08.0109 6652 UleadBurningHelper - ok
20:19:08.0169 6652 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:19:08.0200 6652 uliagpkx - ok
20:19:08.0238 6652 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:19:08.0252 6652 uliahci - ok
20:19:08.0287 6652 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:19:08.0330 6652 UlSata - ok
20:19:08.0366 6652 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:19:08.0414 6652 ulsata2 - ok
20:19:08.0468 6652 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:19:08.0499 6652 umbus - ok
20:19:08.0569 6652 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:19:08.0578 6652 upnphost - ok
20:19:08.0631 6652 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
20:19:08.0668 6652 USBAAPL - ok
20:19:08.0719 6652 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:19:08.0756 6652 usbccgp - ok
20:19:08.0804 6652 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:19:08.0836 6652 usbcir - ok
20:19:08.0924 6652 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:19:08.0970 6652 usbehci - ok
20:19:09.0027 6652 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:19:09.0032 6652 usbhub - ok
20:19:09.0067 6652 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:19:09.0095 6652 usbohci - ok
20:19:09.0140 6652 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:19:09.0178 6652 usbprint - ok
20:19:09.0241 6652 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:19:09.0272 6652 usbscan - ok
20:19:09.0295 6652 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:19:09.0351 6652 USBSTOR - ok
20:19:09.0386 6652 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:19:09.0422 6652 usbuhci - ok
20:19:09.0492 6652 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:19:09.0522 6652 usbvideo - ok
20:19:09.0573 6652 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
20:19:09.0630 6652 UVCFTR - ok
20:19:09.0681 6652 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:19:09.0686 6652 UxSms - ok
20:19:09.0778 6652 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:19:09.0836 6652 vds - ok
20:19:09.0885 6652 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:19:09.0914 6652 vga - ok
20:19:09.0960 6652 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:19:09.0993 6652 VgaSave - ok
20:19:10.0017 6652 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:19:10.0026 6652 viaagp - ok
20:19:10.0052 6652 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:19:10.0086 6652 ViaC7 - ok
20:19:10.0117 6652 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:19:10.0142 6652 viaide - ok
20:19:10.0184 6652 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:19:10.0220 6652 volmgr - ok
20:19:10.0298 6652 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:19:10.0349 6652 volmgrx - ok
20:19:10.0416 6652 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:19:10.0431 6652 volsnap - ok
20:19:10.0511 6652 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:19:10.0549 6652 vsmraid - ok
20:19:11.0082 6652 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:19:11.0223 6652 VSS - ok
20:19:11.0291 6652 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:19:11.0300 6652 W32Time - ok
20:19:11.0356 6652 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:19:11.0383 6652 WacomPen - ok
20:19:11.0437 6652 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:19:11.0488 6652 Wanarp - ok
20:19:11.0491 6652 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:19:11.0493 6652 Wanarpv6 - ok
20:19:11.0551 6652 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:19:11.0622 6652 wcncsvc - ok
20:19:11.0679 6652 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:19:11.0714 6652 WcsPlugInService - ok
20:19:11.0764 6652 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:19:11.0795 6652 Wd - ok
20:19:11.0889 6652 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:19:11.0921 6652 Wdf01000 - ok
20:19:11.0960 6652 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:19:11.0967 6652 WdiServiceHost - ok
20:19:11.0973 6652 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:19:11.0980 6652 WdiSystemHost - ok
20:19:12.0035 6652 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:19:12.0042 6652 WebClient - ok
20:19:12.0079 6652 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:19:12.0146 6652 Wecsvc - ok
20:19:12.0192 6652 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:19:12.0203 6652 wercplsupport - ok
20:19:12.0236 6652 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:19:12.0244 6652 WerSvc - ok
20:19:12.0326 6652 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:19:12.0376 6652 WinDefend - ok
20:19:12.0386 6652 WinHttpAutoProxySvc - ok
20:19:12.0452 6652 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:19:12.0464 6652 Winmgmt - ok
20:19:12.0582 6652 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:19:12.0648 6652 WinRM - ok
20:19:12.0733 6652 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:19:12.0788 6652 Wlansvc - ok
20:19:13.0047 6652 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:19:13.0096 6652 wlidsvc - ok
20:19:13.0269 6652 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
20:19:13.0300 6652 WmiAcpi - ok
20:19:13.0395 6652 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:19:13.0451 6652 wmiApSrv - ok
20:19:13.0622 6652 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:19:13.0701 6652 WMPNetworkSvc - ok
20:19:13.0744 6652 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:19:13.0783 6652 WPCSvc - ok
20:19:13.0822 6652 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:19:13.0828 6652 WPDBusEnum - ok
20:19:13.0891 6652 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:19:13.0924 6652 WpdUsb - ok
20:19:14.0849 6652 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:19:15.0240 6652 WPFFontCache_v0400 - ok
20:19:15.0345 6652 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:19:15.0403 6652 ws2ifsl - ok
20:19:15.0552 6652 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:19:15.0565 6652 wscsvc - ok
20:19:15.0571 6652 WSearch - ok
20:19:16.0259 6652 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:19:16.0344 6652 wuauserv - ok
20:19:16.0481 6652 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:19:16.0533 6652 WUDFRd - ok
20:19:16.0572 6652 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:19:16.0625 6652 wudfsvc - ok
20:19:16.0665 6652 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:19:16.0716 6652 \Device\Harddisk0\DR0 - ok
20:19:16.0719 6652 Boot (0x1200) (5ad2ed89f4ca6c392417583fbca1d56e) \Device\Harddisk0\DR0\Partition0
20:19:16.0721 6652 \Device\Harddisk0\DR0\Partition0 - ok
20:19:16.0722 6652 ============================================================
20:19:16.0722 6652 Scan finished
20:19:16.0722 6652 ============================================================
20:19:16.0735 6924 Detected object count: 1
20:19:16.0735 6924 Actual detected object count: 1
20:20:14.0856 6924 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:20:14.0857 6924 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:20:28.0850 6120 ============================================================
20:20:28.0850 6120 Scan started
20:20:28.0850 6120 Mode: Manual; TDLFS;
20:20:28.0850 6120 ============================================================
20:20:29.0003 6120 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:20:29.0006 6120 ACPI - ok
20:20:29.0042 6120 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
20:20:29.0043 6120 adfs - ok
20:20:29.0111 6120 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:20:29.0115 6120 adp94xx - ok
20:20:29.0166 6120 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:20:29.0169 6120 adpahci - ok
20:20:29.0192 6120 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:20:29.0193 6120 adpu160m - ok
20:20:29.0238 6120 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:20:29.0240 6120 adpu320 - ok
20:20:29.0283 6120 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:20:29.0284 6120 AeLookupSvc - ok
20:20:29.0330 6120 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:20:29.0332 6120 AFD - ok
20:20:29.0358 6120 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
20:20:29.0359 6120 AgereModemAudio - ok
20:20:29.0476 6120 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
20:20:29.0485 6120 AgereSoftModem - ok
20:20:29.0525 6120 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:20:29.0526 6120 agp440 - ok
20:20:29.0547 6120 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:20:29.0548 6120 aic78xx - ok
20:20:29.0886 6120 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files\common files\akamai/netsession_win_6c825ce.dll
20:20:29.0886 6120 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
20:20:29.0896 6120 Akamai ( HiddenFile.Multi.Generic ) - warning
20:20:29.0896 6120 Akamai - detected HiddenFile.Multi.Generic (1)
20:20:30.0025 6120 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:20:30.0026 6120 ALG - ok
20:20:30.0071 6120 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:20:30.0072 6120 aliide - ok
20:20:30.0096 6120 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:20:30.0097 6120 amdagp - ok
20:20:30.0124 6120 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:20:30.0124 6120 amdide - ok
20:20:30.0146 6120 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:20:30.0147 6120 AmdK7 - ok
20:20:30.0171 6120 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
20:20:30.0172 6120 AmdK8 - ok
20:20:30.0248 6120 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:20:30.0250 6120 AntiVirSchedulerService - ok
20:20:30.0294 6120 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:20:30.0297 6120 AntiVirService - ok
20:20:30.0334 6120 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:20:30.0335 6120 Appinfo - ok
20:20:30.0403 6120 Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:20:30.0406 6120 Apple Mobile Device - ok
20:20:30.0448 6120 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:20:30.0449 6120 arc - ok
20:20:30.0472 6120 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:20:30.0473 6120 arcsas - ok
20:20:30.0511 6120 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:20:30.0513 6120 AsyncMac - ok
20:20:30.0538 6120 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:20:30.0538 6120 atapi - ok
20:20:30.0591 6120 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:20:30.0594 6120 AudioEndpointBuilder - ok
20:20:30.0600 6120 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:20:30.0604 6120 Audiosrv - ok
20:20:30.0628 6120 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
20:20:30.0629 6120 avgntflt - ok
20:20:30.0664 6120 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
20:20:30.0666 6120 avipbb - ok
20:20:30.0714 6120 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:20:30.0715 6120 Beep - ok
20:20:30.0764 6120 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:20:30.0767 6120 BFE - ok
20:20:30.0969 6120 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120413.001\BHDrvx86.sys
20:20:30.0977 6120 BHDrvx86 - ok
20:20:31.0051 6120 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:20:31.0061 6120 BITS - ok
20:20:31.0089 6120 blbdrive - ok
20:20:31.0177 6120 Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files\Bonjour\mDNSResponder.exe
20:20:31.0181 6120 Bonjour Service - ok
20:20:31.0216 6120 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:20:31.0218 6120 bowser - ok
20:20:31.0248 6120 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:20:31.0249 6120 BrFiltLo - ok
20:20:31.0272 6120 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:20:31.0273 6120 BrFiltUp - ok
20:20:31.0305 6120 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:20:31.0306 6120 Browser - ok
20:20:31.0332 6120 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:20:31.0333 6120 Brserid - ok
20:20:31.0361 6120 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:20:31.0362 6120 BrSerWdm - ok
20:20:31.0390 6120 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:20:31.0391 6120 BrUsbMdm - ok
20:20:31.0404 6120 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:20:31.0404 6120 BrUsbSer - ok
20:20:31.0475 6120 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
20:20:31.0478 6120 BrYNSvc - ok
20:20:31.0524 6120 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:20:31.0525 6120 BTHMODEM - ok
20:20:31.0602 6120 ccSet_N360 (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\N360\0602000.009\ccSetx86.sys
20:20:31.0604 6120 ccSet_N360 - ok
20:20:31.0635 6120 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:20:31.0636 6120 cdfs - ok
20:20:31.0697 6120 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:20:31.0698 6120 cdrom - ok
20:20:31.0761 6120 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:20:31.0763 6120 CertPropSvc - ok
20:20:31.0819 6120 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
20:20:31.0820 6120 CFSvcs - ok
20:20:31.0858 6120 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:20:31.0859 6120 circlass - ok
20:20:31.0911 6120 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:20:31.0914 6120 CLFS - ok
20:20:31.0995 6120 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:20:31.0997 6120 clr_optimization_v2.0.50727_32 - ok
20:20:32.0076 6120 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:20:32.0078 6120 clr_optimization_v4.0.30319_32 - ok
20:20:32.0103 6120 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:20:32.0105 6120 CmBatt - ok
20:20:32.0148 6120 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:20:32.0149 6120 cmdide - ok
20:20:32.0172 6120 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:20:32.0173 6120 Compbatt - ok
20:20:32.0180 6120 COMSysApp - ok
20:20:32.0193 6120 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:20:32.0195 6120 crcdisk - ok
20:20:32.0223 6120 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:20:32.0225 6120 Crusoe - ok
20:20:32.0268 6120 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:20:32.0271 6120 CryptSvc - ok
20:20:32.0365 6120 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:20:32.0375 6120 DcomLaunch - ok
20:20:32.0416 6120 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:20:32.0418 6120 DfsC - ok
20:20:32.0634 6120 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:20:32.0661 6120 DFSR - ok
20:20:32.0883 6120 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:20:32.0886 6120 Dhcp - ok
20:20:32.0937 6120 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:20:32.0938 6120 disk - ok
20:20:32.0941 6120 dlbk_device - ok
20:20:32.0977 6120 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:20:32.0979 6120 Dnscache - ok
20:20:33.0013 6120 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:20:33.0015 6120 dot3svc - ok
20:20:33.0048 6120 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:20:33.0050 6120 DPS - ok
20:20:33.0080 6120 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:20:33.0081 6120 drmkaud - ok
20:20:33.0156 6120 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:20:33.0161 6120 DXGKrnl - ok
20:20:33.0206 6120 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:20:33.0207 6120 E1G60 - ok
20:20:33.0240 6120 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:20:33.0242 6120 EapHost - ok
20:20:33.0285 6120 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:20:33.0287 6120 Ecache - ok
20:20:33.0383 6120 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:20:33.0387 6120 eeCtrl - ok
20:20:33.0456 6120 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:20:33.0459 6120 ehRecvr - ok
20:20:33.0494 6120 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:20:33.0495 6120 ehSched - ok
20:20:33.0508 6120 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:20:33.0510 6120 ehstart - ok
20:20:33.0568 6120 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
20:20:33.0571 6120 elxstor - ok
20:20:33.0643 6120 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:20:33.0650 6120 EMDMgmt - ok
20:20:33.0718 6120 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
20:20:33.0720 6120 EraserUtilRebootDrv - ok
20:20:33.0764 6120 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:20:33.0767 6120 EventSystem - ok
20:20:33.0878 6120 EvtEng (298c8f404968a600d1c298d43783bdb8) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:20:33.0883 6120 EvtEng - ok
20:20:33.0958 6120 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:20:33.0961 6120 exfat - ok
20:20:34.0001 6120 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:20:34.0003 6120 fastfat - ok
20:20:34.0027 6120 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
20:20:34.0028 6120 fdc - ok
20:20:34.0056 6120 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:20:34.0059 6120 fdPHost - ok
20:20:34.0082 6120 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:20:34.0084 6120 FDResPub - ok
20:20:34.0115 6120 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:20:34.0116 6120 FileInfo - ok
20:20:34.0143 6120 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:20:34.0144 6120 Filetrace - ok
20:20:34.0246 6120 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:20:34.0252 6120 FLEXnet Licensing Service - ok
20:20:34.0304 6120 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
20:20:34.0306 6120 flpydisk - ok
20:20:34.0352 6120 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:20:34.0354 6120 FltMgr - ok
20:20:34.0445 6120 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:20:34.0454 6120 FontCache - ok
20:20:34.0534 6120 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:20:34.0536 6120 FontCache3.0.0.0 - ok
20:20:34.0557 6120 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
20:20:34.0559 6120 Fs_Rec - ok
20:20:34.0589 6120 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
20:20:34.0590 6120 gagp30kx - ok
20:20:34.0632 6120 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:20:34.0633 6120 GEARAspiWDM - ok
20:20:34.0703 6120 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:20:34.0709 6120 gpsvc - ok
20:20:34.0800 6120 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:20:34.0802 6120 gupdate - ok
20:20:34.0806 6120 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:20:34.0808 6120 gupdatem - ok
20:20:34.0843 6120 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:20:34.0845 6120 gusvc - ok
20:20:34.0891 6120 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:20:34.0893 6120 HdAudAddService - ok
20:20:34.0958 6120 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:20:34.0962 6120 HDAudBus - ok
20:20:34.0987 6120 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:20:34.0987 6120 HidBth - ok
20:20:35.0010 6120 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:20:35.0011 6120 HidIr - ok
20:20:35.0052 6120 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
20:20:35.0054 6120 hidserv - ok
20:20:35.0073 6120 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:20:35.0075 6120 HidUsb - ok
20:20:35.0107 6120 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:20:35.0110 6120 hkmsvc - ok
20:20:35.0141 6120 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
20:20:35.0142 6120 HpCISSs - ok
20:20:35.0198 6120 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:20:35.0202 6120 HTTP - ok
20:20:35.0221 6120 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
20:20:35.0222 6120 i2omp - ok
20:20:35.0263 6120 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:20:35.0264 6120 i8042prt - ok
20:20:35.0319 6120 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
20:20:35.0328 6120 iaStor - ok
20:20:35.0386 6120 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
20:20:35.0390 6120 iaStorV - ok
20:20:35.0555 6120 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:20:35.0567 6120 idsvc - ok
20:20:35.0767 6120 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120427.001\IDSvix86.sys
20:20:35.0778 6120 IDSVix86 - ok
20:20:36.0148 6120 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:20:36.0171 6120 igfx - ok
20:20:36.0343 6120 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:20:36.0344 6120 iirsp - ok
20:20:36.0425 6120 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:20:36.0438 6120 IKEEXT - ok
20:20:36.0671 6120 IntcAzAudAddService (ffd2b3bc042596abe785d3c15f51ab46) C:\Windows\system32\drivers\RTKVHDA.sys
20:20:36.0695 6120 IntcAzAudAddService - ok
20:20:36.0864 6120 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:20:36.0867 6120 intelide - ok
20:20:36.0889 6120 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:20:36.0891 6120 intelppm - ok
20:20:36.0931 6120 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:20:36.0935 6120 IPBusEnum - ok
20:20:36.0963 6120 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:20:36.0964 6120 IpFilterDriver - ok
20:20:37.0014 6120 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:20:37.0019 6120 iphlpsvc - ok
20:20:37.0025 6120 IpInIp - ok
20:20:37.0069 6120 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
20:20:37.0070 6120 IPMIDRV - ok
20:20:37.0112 6120 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:20:37.0114 6120 IPNAT - ok
20:20:37.0220 6120 iPod Service (630d74599070824af3dc63a894adcdfc) C:\Program Files\iPod\bin\iPodService.exe
20:20:37.0228 6120 iPod Service - ok
20:20:37.0254 6120 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:20:37.0256 6120 IRENUM - ok
20:20:37.0284 6120 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
20:20:37.0285 6120 isapnp - ok
20:20:37.0331 6120 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:20:37.0333 6120 iScsiPrt - ok
20:20:37.0360 6120 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:20:37.0361 6120 iteatapi - ok
20:20:37.0398 6120 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:20:37.0399 6120 iteraid - ok
20:20:37.0436 6120 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:20:37.0437 6120 kbdclass - ok
20:20:37.0461 6120 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:20:37.0464 6120 kbdhid - ok
20:20:37.0475 6120 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:20:37.0478 6120 KeyIso - ok
20:20:37.0538 6120 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:20:37.0542 6120 KSecDD - ok
20:20:37.0589 6120 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:20:37.0598 6120 KtmRm - ok
20:20:37.0627 6120 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:20:37.0631 6120 LanmanServer - ok
20:20:37.0677 6120 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:20:37.0682 6120 LanmanWorkstation - ok
20:20:37.0742 6120 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:20:37.0743 6120 lltdio - ok
20:20:37.0782 6120 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:20:37.0785 6120 lltdsvc - ok
20:20:37.0823 6120 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:20:37.0826 6120 lmhosts - ok
20:20:37.0847 6120 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
20:20:37.0849 6120 LPCFilter - ok
20:20:37.0873 6120 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
20:20:37.0874 6120 LSI_FC - ok
20:20:37.0901 6120 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
20:20:37.0902 6120 LSI_SAS - ok
20:20:37.0936 6120 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:20:37.0937 6120 LSI_SCSI - ok
20:20:37.0979 6120 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:20:37.0980 6120 luafv - ok
20:20:38.0008 6120 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\Windows\system32\drivers\mbamswissarmy.sys
20:20:38.0009 6120 MBAMSwissArmy - ok
20:20:38.0083 6120 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
20:20:38.0085 6120 McComponentHostService - ok
20:20:38.0130 6120 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:20:38.0133 6120 Mcx2Svc - ok
20:20:38.0175 6120 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:20:38.0176 6120 megasas - ok
20:20:38.0204 6120 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:20:38.0207 6120 MMCSS - ok
20:20:38.0238 6120 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:20:38.0239 6120 Modem - ok
20:20:38.0273 6120 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:20:38.0274 6120 monitor - ok
20:20:38.0299 6120 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:20:38.0300 6120 mouclass - ok
20:20:38.0319 6120 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:20:38.0322 6120 mouhid - ok
20:20:38.0359 6120 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:20:38.0360 6120 MountMgr - ok
20:20:38.0382 6120 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:20:38.0383 6120 mpio - ok
20:20:38.0407 6120 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:20:38.0409 6120 mpsdrv - ok
20:20:38.0467 6120 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:20:38.0473 6120 MpsSvc - ok
20:20:38.0498 6120 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:20:38.0499 6120 Mraid35x - ok
20:20:38.0541 6120 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:20:38.0544 6120 MRxDAV - ok
20:20:38.0584 6120 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:20:38.0586 6120 mrxsmb - ok
20:20:38.0635 6120 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:20:38.0638 6120 mrxsmb10 - ok
20:20:38.0649 6120 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:20:38.0651 6120 mrxsmb20 - ok
20:20:38.0685 6120 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
20:20:38.0686 6120 msahci - ok
20:20:38.0713 6120 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:20:38.0714 6120 msdsm - ok
20:20:38.0768 6120 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:20:38.0772 6120 MSDTC - ok
20:20:38.0806 6120 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:20:38.0807 6120 Msfs - ok
20:20:38.0836 6120 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:20:38.0839 6120 msisadrv - ok
20:20:38.0880 6120 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:20:38.0884 6120 MSiSCSI - ok
20:20:38.0889 6120 msiserver - ok
20:20:38.0936 6120 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:20:38.0938 6120 MSKSSRV - ok
20:20:38.0977 6120 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:20:38.0979 6120 MSPCLOCK - ok
20:20:38.0992 6120 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:20:38.0994 6120 MSPQM - ok
20:20:39.0035 6120 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:20:39.0038 6120 MsRPC - ok
20:20:39.0056 6120 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:20:39.0057 6120 mssmbios - ok
20:20:39.0074 6120 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:20:39.0076 6120 MSTEE - ok
20:20:39.0103 6120 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:20:39.0105 6120 Mup - ok
20:20:39.0224 6120 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.0.9\ccSvcHst.exe
20:20:39.0226 6120 N360 - ok
20:20:39.0276 6120 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:20:39.0282 6120 napagent - ok
20:20:39.0313 6120 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:20:39.0316 6120 NativeWifiP - ok
20:20:39.0494 6120 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120428.016\NAVENG.SYS
20:20:39.0498 6120 NAVENG - ok
20:20:39.0661 6120 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120428.016\NAVEX15.SYS
20:20:39.0693 6120 NAVEX15 - ok
20:20:39.0855 6120 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:20:39.0862 6120 NDIS - ok
20:20:39.0888 6120 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:20:39.0890 6120 NdisTapi - ok
20:20:39.0917 6120 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:20:39.0920 6120 Ndisuio - ok
20:20:39.0957 6120 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:20:39.0958 6120 NdisWan - ok
20:20:39.0988 6120 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:20:39.0990 6120 NDProxy - ok
20:20:40.0010 6120 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:20:40.0011 6120 NetBIOS - ok
20:20:40.0052 6120 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:20:40.0054 6120 netbt - ok
20:20:40.0078 6120 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:20:40.0080 6120 Netlogon - ok
20:20:40.0126 6120 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:20:40.0130 6120 Netman - ok
20:20:40.0168 6120 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:20:40.0172 6120 netprofm - ok
20:20:40.0241 6120 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:20:40.0243 6120 NetTcpPortSharing - ok
20:20:40.0396 6120 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
20:20:40.0413 6120 NETw3v32 - ok
20:20:40.0719 6120 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:20:40.0739 6120 NETw4v32 - ok
20:20:40.0897 6120 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:20:40.0898 6120 nfrd960 - ok
20:20:40.0943 6120 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:20:40.0949 6120 NlaSvc - ok
20:20:40.0976 6120 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:20:40.0978 6120 Npfs - ok
20:20:41.0004 6120 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:20:41.0008 6120 nsi - ok
20:20:41.0036 6120 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:20:41.0038 6120 nsiproxy - ok
20:20:41.0152 6120 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:20:41.0161 6120 Ntfs - ok
20:20:41.0193 6120 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:20:41.0193 6120 ntrigdigi - ok
20:20:41.0224 6120 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:20:41.0226 6120 Null - ok
20:20:41.0250 6120 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:20:41.0252 6120 nvraid - ok
20:20:41.0275 6120 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:20:41.0276 6120 nvstor - ok
20:20:41.0306 6120 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:20:41.0308 6120 nv_agp - ok
20:20:41.0314 6120 NwlnkFlt - ok
20:20:41.0323 6120 NwlnkFwd - ok
20:20:41.0373 6120 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:20:41.0374 6120 ohci1394 - ok
20:20:41.0441 6120 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:20:41.0458 6120 p2pimsvc - ok
20:20:41.0469 6120 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:20:41.0478 6120 p2psvc - ok
20:20:41.0509 6120 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:20:41.0510 6120 Parport - ok
20:20:41.0543 6120 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:20:41.0544 6120 partmgr - ok
20:20:41.0563 6120 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:20:41.0566 6120 Parvdm - ok
20:20:41.0601 6120 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:20:41.0604 6120 PcaSvc - ok
20:20:41.0645 6120 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:20:41.0647 6120 pci - ok
20:20:41.0663 6120 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
20:20:41.0665 6120 pciide - ok
20:20:41.0697 6120 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
20:20:41.0699 6120 pcmcia - ok
20:20:41.0791 6120 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:20:41.0798 6120 PEAUTH - ok
20:20:41.0938 6120 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:20:41.0968 6120 pla - ok
20:20:42.0113 6120 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:20:42.0118 6120 PlugPlay - ok
20:20:42.0184 6120 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:20:42.0191 6120 PNRPAutoReg - ok
20:20:42.0201 6120 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:20:42.0209 6120 PNRPsvc - ok
20:20:42.0253 6120 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:20:42.0257 6120 PolicyAgent - ok
20:20:42.0310 6120 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:20:42.0312 6120 PptpMiniport - ok
20:20:42.0344 6120 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:20:42.0345 6120 Processor - ok
20:20:42.0386 6120 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:20:42.0390 6120 ProfSvc - ok
20:20:42.0422 6120 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:20:42.0425 6120 ProtectedStorage - ok
20:20:42.0454 6120 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:20:42.0455 6120 PSched - ok
20:20:42.0543 6120 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:20:42.0551 6120 ql2300 - ok
20:20:42.0589 6120 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:20:42.0591 6120 ql40xx - ok
20:20:42.0637 6120 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:20:42.0642 6120 QWAVE - ok
20:20:42.0681 6120 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:20:42.0682 6120 QWAVEdrv - ok
20:20:42.0711 6120 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:20:42.0713 6120 RasAcd - ok
20:20:42.0750 6120 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:20:42.0754 6120 RasAuto - ok
20:20:42.0781 6120 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:20:42.0782 6120 Rasl2tp - ok
20:20:42.0827 6120 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:20:42.0831 6120 RasMan - ok
20:20:42.0864 6120 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:20:42.0865 6120 RasPppoe - ok
20:20:42.0879 6120 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:20:42.0880 6120 RasSstp - ok
20:20:42.0924 6120 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:20:42.0927 6120 rdbss - ok
20:20:42.0947 6120 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:20:42.0949 6120 RDPCDD - ok
20:20:43.0005 6120 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:20:43.0007 6120 rdpdr - ok
20:20:43.0017 6120 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:20:43.0019 6120 RDPENCDD - ok
20:20:43.0062 6120 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
20:20:43.0065 6120 RDPWD - ok
20:20:43.0163 6120 RegSrvc (83a5d92ace4465c667d1d55fcdab2658) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:20:43.0166 6120 RegSrvc - ok
20:20:43.0193 6120 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:20:43.0195 6120 RemoteAccess - ok
20:20:43.0233 6120 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:20:43.0237 6120 RemoteRegistry - ok
20:20:43.0267 6120 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:20:43.0271 6120 RpcLocator - ok
20:20:43.0340 6120 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
20:20:43.0348 6120 RpcSs - ok
20:20:43.0396 6120 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:20:43.0398 6120 rspndr - ok
20:20:43.0429 6120 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:20:43.0430 6120 RTL8169 - ok
20:20:43.0456 6120 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:20:43.0458 6120 SamSs - ok
20:20:43.0497 6120 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:20:43.0499 6120 sbp2port - ok
20:20:43.0539 6120 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:20:43.0545 6120 SCardSvr - ok
20:20:43.0574 6120 SCDEmu (ee7a1b6e155258288d99be61190e1112) C:\Windows\system32\drivers\SCDEmu.sys
20:20:43.0576 6120 SCDEmu - ok
20:20:43.0675 6120 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:20:43.0693 6120 Schedule - ok
20:20:43.0729 6120 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:20:43.0731 6120 SCPolicySvc - ok
20:20:43.0793 6120 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:20:43.0795 6120 sdbus - ok
20:20:43.0839 6120 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:20:43.0845 6120 SDRSVC - ok
20:20:43.0878 6120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:20:43.0882 6120 secdrv - ok
20:20:43.0910 6120 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:20:43.0915 6120 seclogon - ok
20:20:43.0933 6120 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:20:43.0939 6120 SENS - ok
20:20:43.0969 6120 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:20:43.0972 6120 Serenum - ok
20:20:44.0007 6120 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:20:44.0009 6120 Serial - ok
20:20:44.0051 6120 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:20:44.0054 6120 sermouse - ok
20:20:44.0118 6120 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:20:44.0125 6120 SessionEnv - ok
20:20:44.0158 6120 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:20:44.0161 6120 sffdisk - ok
20:20:44.0186 6120 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:20:44.0189 6120 sffp_mmc - ok
20:20:44.0224 6120 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:20:44.0227 6120 sffp_sd - ok
20:20:44.0246 6120 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:20:44.0249 6120 sfloppy - ok
20:20:44.0295 6120 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:20:44.0301 6120 SharedAccess - ok
20:20:44.0350 6120 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:20:44.0357 6120 ShellHWDetection - ok
20:20:44.0384 6120 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:20:44.0385 6120 sisagp - ok
20:20:44.0411 6120 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:20:44.0412 6120 SiSRaid2 - ok
20:20:44.0434 6120 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:20:44.0436 6120 SiSRaid4 - ok
20:20:44.0819 6120 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:20:44.0860 6120 slsvc - ok
20:20:45.0027 6120 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:20:45.0033 6120 SLUINotify - ok
20:20:45.0083 6120 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:20:45.0086 6120 Smb - ok
20:20:45.0134 6120 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:20:45.0139 6120 SNMPTRAP - ok
20:20:45.0165 6120 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:20:45.0166 6120 spldr - ok
20:20:45.0198 6120 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:20:45.0202 6120 Spooler - ok
20:20:45.0275 6120 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\Windows\System32\Drivers\N360\0601020.00A\SRTSP.SYS
20:20:45.0280 6120 SRTSP - ok
20:20:45.0354 6120 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602000.009\SRTSPX.SYS
20:20:45.0355 6120 SRTSPX - ok
20:20:45.0406 6120 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:20:45.0410 6120 srv - ok
20:20:45.0434 6120 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:20:45.0436 6120 srv2 - ok
20:20:45.0461 6120 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:20:45.0462 6120 srvnet - ok
20:20:45.0497 6120 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:20:45.0501 6120 SSDPSRV - ok
20:20:45.0534 6120 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:20:45.0535 6120 ssmdrv - ok
20:20:45.0567 6120 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:20:45.0571 6120 SstpSvc - ok
20:20:45.0635 6120 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:20:45.0644 6120 stisvc - ok
20:20:45.0675 6120 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:20:45.0678 6120 swenum - ok
20:20:45.0740 6120 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:20:45.0746 6120 swprv - ok
20:20:45.0786 6120 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:20:45.0787 6120 Symc8xx - ok
20:20:45.0889 6120 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602000.009\SYMDS.SYS
20:20:45.0892 6120 SymDS - ok
20:20:46.0034 6120 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602000.009\SYMEFA.SYS
20:20:46.0043 6120 SymEFA - ok
20:20:46.0082 6120 SymEvent (555fb450fe6908600310e990738b41d6) C:\Windows\system32\Drivers\SYMEVENT.SYS
20:20:46.0084 6120 SymEvent - ok
20:20:46.0114 6120 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602000.009\Ironx86.SYS
20:20:46.0116 6120 SymIRON - ok
20:20:46.0213 6120 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\N360\0601020.00A\SYMTDIV.SYS
20:20:46.0216 6120 SYMTDIv - ok
20:20:46.0255 6120 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:20:46.0256 6120 Sym_hi - ok
20:20:46.0279 6120 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:20:46.0281 6120 Sym_u3 - ok
20:20:46.0331 6120 SynTP (ac4459d34f22b52feb6e619746ff6bd4) C:\Windows\system32\DRIVERS\SynTP.sys
20:20:46.0334 6120 SynTP - ok
20:20:46.0404 6120 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:20:46.0412 6120 SysMain - ok
20:20:46.0446 6120 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:20:46.0450 6120 TabletInputService - ok
20:20:46.0498 6120 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:20:46.0505 6120 TapiSrv - ok
20:20:46.0534 6120 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:20:46.0538 6120 TBS - ok
20:20:46.0639 6120 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:20:46.0649 6120 Tcpip - ok
20:20:46.0668 6120 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:20:46.0677 6120 Tcpip6 - ok
20:20:46.0719 6120 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:20:46.0720 6120 tcpipreg - ok
20:20:46.0749 6120 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:20:46.0752 6120 tdcmdpst - ok
20:20:46.0779 6120 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:20:46.0782 6120 TDPIPE - ok
20:20:46.0811 6120 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:20:46.0812 6120 TDTCP - ok
20:20:46.0855 6120 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:20:46.0857 6120 tdx - ok
20:20:46.0887 6120 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:20:46.0889 6120 TermDD - ok
20:20:46.0949 6120 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:20:46.0961 6120 TermService - ok
20:20:47.0010 6120 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:20:47.0015 6120 Themes - ok
20:20:47.0048 6120 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:20:47.0051 6120 THREADORDER - ok
20:20:47.0096 6120 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
20:20:47.0099 6120 tifm21 - ok
20:20:47.0190 6120 TNaviSrv (b351aa72eae95c4447a3c5329977f064) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
20:20:47.0192 6120 TNaviSrv - ok
20:20:47.0243 6120 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
20:20:47.0247 6120 TODDSrv - ok
20:20:47.0300 6120 TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
20:20:47.0304 6120 TosCoSrv - ok
20:20:47.0340 6120 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
20:20:47.0342 6120 tos_sps32 - ok
20:20:47.0348 6120 TpChoice - ok
20:20:47.0388 6120 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:20:47.0393 6120 TrkWks - ok
20:20:47.0442 6120 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:20:47.0443 6120 TrustedInstaller - ok
20:20:47.0472 6120 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:20:47.0474 6120 tssecsrv - ok
20:20:47.0499 6120 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:20:47.0502 6120 tunmp - ok
20:20:47.0517 6120 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:20:47.0518 6120 tunnel - ok
20:20:47.0548 6120 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:20:47.0550 6120 TVALZ - ok
20:20:47.0588 6120 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:20:47.0590 6120 uagp35 - ok
20:20:47.0641 6120 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:20:47.0644 6120 udfs - ok
20:20:47.0688 6120 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:20:47.0691 6120 UI0Detect - ok
20:20:47.0844 6120 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
20:20:47.0846 6120 UleadBurningHelper - ok
20:20:47.0890 6120 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:20:47.0892 6120 uliagpkx - ok
20:20:47.0930 6120 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:20:47.0934 6120 uliahci - ok
20:20:47.0966 6120 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:20:47.0968 6120 UlSata - ok
20:20:48.0011 6120 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:20:48.0014 6120 ulsata2 - ok
20:20:48.0055 6120 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:20:48.0056 6120 umbus - ok
20:20:48.0100 6120 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:20:48.0105 6120 upnphost - ok
20:20:48.0140 6120 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
20:20:48.0141 6120 USBAAPL - ok
20:20:48.0173 6120 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:20:48.0174 6120 usbccgp - ok
20:20:48.0201 6120 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:20:48.0202 6120 usbcir - ok
20:20:48.0222 6120 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:20:48.0223 6120 usbehci - ok
20:20:48.0258 6120 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:20:48.0263 6120 usbhub - ok
20:20:48.0286 6120 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:20:48.0288 6120 usbohci - ok
20:20:48.0316 6120 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:20:48.0318 6120 usbprint - ok
20:20:48.0361 6120 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:20:48.0362 6120 usbscan - ok
20:20:48.0394 6120 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:20:48.0395 6120 USBSTOR - ok
20:20:48.0417 6120 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:20:48.0418 6120 usbuhci - ok
20:20:48.0456 6120 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:20:48.0457 6120 usbvideo - ok
20:20:48.0473 6120 UVCFTR (237c444fbd1c697a2e3fa60f02c61f22) C:\Windows\system32\Drivers\UVCFTR_S.SYS
20:20:48.0476 6120 UVCFTR - ok
20:20:48.0512 6120 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:20:48.0516 6120 UxSms - ok
20:20:48.0577 6120 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:20:48.0584 6120 vds - ok
20:20:48.0616 6120 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:20:48.0618 6120 vga - ok
20:20:48.0658 6120 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:20:48.0659 6120 VgaSave - ok
20:20:48.0693 6120 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:20:48.0694 6120 viaagp - ok
20:20:48.0739 6120 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:20:48.0740 6120 ViaC7 - ok
20:20:48.0760 6120 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:20:48.0762 6120 viaide - ok
20:20:48.0793 6120 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:20:48.0795 6120 volmgr - ok
20:20:48.0852 6120 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:20:48.0855 6120 volmgrx - ok
20:20:48.0915 6120 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:20:48.0918 6120 volsnap - ok
20:20:48.0950 6120 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:20:48.0952 6120 vsmraid - ok
20:20:49.0055 6120 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:20:49.0072 6120 VSS - ok
20:20:49.0119 6120 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:20:49.0128 6120 W32Time - ok
20:20:49.0188 6120 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:20:49.0189 6120 WacomPen - ok
20:20:49.0236 6120 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:20:49.0238 6120 Wanarp - ok
20:20:49.0242 6120 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:20:49.0244 6120 Wanarpv6 - ok
20:20:49.0303 6120 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:20:49.0310 6120 wcncsvc - ok
20:20:49.0332 6120 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:20:49.0336 6120 WcsPlugInService - ok
20:20:49.0373 6120 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:20:49.0376 6120 Wd - ok
20:20:49.0452 6120 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:20:49.0458 6120 Wdf01000 - ok
20:20:49.0489 6120 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:20:49.0495 6120 WdiServiceHost - ok
20:20:49.0501 6120 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:20:49.0507 6120 WdiSystemHost - ok
20:20:49.0550 6120 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:20:49.0558 6120 WebClient - ok
20:20:49.0599 6120 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:20:49.0605 6120 Wecsvc - ok
20:20:49.0635 6120 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:20:49.0639 6120 wercplsupport - ok
20:20:49.0689 6120 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:20:49.0695 6120 WerSvc - ok
20:20:49.0772 6120 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:20:49.0775 6120 WinDefend - ok
20:20:49.0783 6120 WinHttpAutoProxySvc - ok
20:20:49.0839 6120 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:20:49.0842 6120 Winmgmt - ok
20:20:49.0956 6120 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:20:49.0971 6120 WinRM - ok
20:20:50.0054 6120 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:20:50.0063 6120 Wlansvc - ok
20:20:50.0278 6120 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:20:50.0298 6120 wlidsvc - ok
20:20:50.0456 6120 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
20:20:50.0459 6120 WmiAcpi - ok
20:20:50.0542 6120 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:20:50.0545 6120 wmiApSrv - ok
20:20:50.0678 6120 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:20:50.0689 6120 WMPNetworkSvc - ok
20:20:50.0722 6120 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:20:50.0731 6120 WPCSvc - ok
20:20:50.0764 6120 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:20:50.0771 6120 WPDBusEnum - ok
20:20:50.0834 6120 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:20:50.0836 6120 WpdUsb - ok
20:20:51.0013 6120 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:20:51.0020 6120 WPFFontCache_v0400 - ok
20:20:51.0047 6120 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:20:51.0049 6120 ws2ifsl - ok
20:20:51.0074 6120 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:20:51.0079 6120 wscsvc - ok
20:20:51.0084 6120 WSearch - ok
20:20:51.0249 6120 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:20:51.0287 6120 wuauserv - ok
20:20:51.0425 6120 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:20:51.0427 6120 WUDFRd - ok
20:20:51.0459 6120 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:20:51.0463 6120 wudfsvc - ok
20:20:51.0496 6120 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:20:51.0720 6120 \Device\Harddisk0\DR0 - ok
20:20:51.0724 6120 Boot (0x1200) (5ad2ed89f4ca6c392417583fbca1d56e) \Device\Harddisk0\DR0\Partition0
20:20:51.0727 6120 \Device\Harddisk0\DR0\Partition0 - ok
20:20:51.0728 6120 ============================================================
20:20:51.0728 6120 Scan finished
20:20:51.0728 6120 ============================================================
20:20:51.0753 0952 Detected object count: 1
20:20:51.0753 0952 Actual detected object count: 1
20:20:58.0013 0952 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
20:20:58.0013 0952 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
20:21:54.0678 5584 Deinitialize success

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:50 AM

Posted 29 April 2012 - 11:54 PM

:thumbup2:

#5 delandelan

delandelan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 30 April 2012 - 05:47 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-30 06:47:08
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBDO
Running: fqsx72iq.exe; Driver: C:\Users\Owner\AppData\Local\Temp\pwdoapow.sys


---- System - GMER 1.0.15 ----

SSDT 91D13EF0 ZwAlertResumeThread
SSDT 91D13FD0 ZwAlertThread
SSDT 91CFB8E0 ZwAllocateVirtualMemory
SSDT 918D9A10 ZwAlpcConnectPort
SSDT 91D13518 ZwAssignProcessToJobObject
SSDT 91D13C40 ZwCreateMutant
SSDT 92610986 ZwCreateSection
SSDT 91D13238 ZwCreateSymbolicLinkObject
SSDT 91CFBD68 ZwCreateThread
SSDT 91D13678 ZwDebugActiveProcess
SSDT 91CFBAB0 ZwDuplicateObject
SSDT 91CFB700 ZwFreeVirtualMemory
SSDT 91D13D30 ZwImpersonateAnonymousToken
SSDT 91D13E10 ZwImpersonateThread
SSDT 919009A8 ZwLoadDriver
SSDT 91CFB600 ZwMapViewOfSection
SSDT 91D13B60 ZwOpenEvent
SSDT 91CFBC50 ZwOpenProcess
SSDT 91CFB9D0 ZwOpenProcessToken
SSDT 91D13920 ZwOpenSection
SSDT 91CFBB80 ZwOpenThread
SSDT 91D13428 ZwProtectVirtualMemory
SSDT 91CFB0B0 ZwResumeThread
SSDT 91CFB350 ZwSetContextThread
SSDT 91CFB430 ZwSetInformationProcess
SSDT 91D137D8 ZwSetSystemInformation
SSDT 91D13A80 ZwSuspendProcess
SSDT 91CFB190 ZwSuspendThread
SSDT 91CFBE48 ZwTerminateProcess
SSDT 91CFB270 ZwTerminateThread
SSDT 91CFB520 ZwUnmapViewOfSection
SSDT 91CFB7F0 ZwWriteVirtualMemory
SSDT 91D13328 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 822F88A0 8 Bytes [F0, 3E, D1, 91, D0, 3F, D1, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 822F88B4 4 Bytes [E0, B8, CF, 91] {LOOPNZ 0xffffffffffffffba; IRET ; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 13D 822F88C0 4 Bytes [10, 9A, 8D, 91]
.text ntkrnlpa.exe!KeSetEvent + 191 822F8914 4 Bytes [18, 35, D1, 91]
.text ntkrnlpa.exe!KeSetEvent + 1F5 822F8978 4 Bytes [40, 3C, D1, 91] {INC EAX; CMP AL, 0xd1; XCHG ECX, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8895D000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x889A6000, 0x510, 0x40000040]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 39, 00] {SUB [EAX], AL; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 39, 00] {SUB [EBX], AL; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 39, 00] {TEST AL, 0x1; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A83C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 39, 00] {TEST AL, 0x2; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A8441 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 39, 00] {TEST AL, 0x0; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A857F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 39, 00] {SUB [ECX], AL; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 39, 00] {SUB [EDX], AL; CMP [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 39, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2508] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A78C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A7941 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A7A7F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 2E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3204] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 1A, 00] {SUB [EAX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 1A, 00] {SUB [EBX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 1A, 00] {TEST AL, 0x1; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A64C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 1A, 00] {TEST AL, 0x2; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A6541 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 1A, 00] {TEST AL, 0x0; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A667F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 1A, 00] {SUB [ECX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 1A, 00] {SUB [EDX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3412] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A7FC0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A8041 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A817F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 35, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3848] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A92C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A9341 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A947F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 48, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6004] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A68C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A6941 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A6A7F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6104] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A80C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A8141 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A827F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 36, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6812] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A68C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A6941 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A6A7F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 1E, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[6864] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 32, 00] {SUB [EAX], AL; XOR AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 32, 00] {SUB [EBX], AL; XOR AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 32, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 32, 00] {TEST AL, 0x1; XOR AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A7CC0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 32, 00] {TEST AL, 0x2; XOR AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 32, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 32, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A7D41 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 32, 00] {TEST AL, 0x0; XOR AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A7E7F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 32, 00] {SUB [ECX], AL; XOR AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 32, 00] {SUB [EDX], AL; XOR AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 32, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7812] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 1A, 00] {SUB [EAX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 1A, 00] {SUB [EBX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 1A, 00] {TEST AL, 0x1; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A64C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 1A, 00] {TEST AL, 0x2; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A6541 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 1A, 00] {TEST AL, 0x0; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A667F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 1A, 00] {SUB [ECX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 1A, 00] {SUB [EDX], AL; SBB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 1A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7916] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 2A, 00] {SUB [EAX], AL; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 2A, 00] {SUB [EBX], AL; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 2A, 00] {TEST AL, 0x1; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A74C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 2A, 00] {TEST AL, 0x2; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A7541 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 2A, 00] {TEST AL, 0x0; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A767F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 2A, 00] {SUB [ECX], AL; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 2A, 00] {SUB [EDX], AL; SUB AL, [EAX]}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 2A, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7928] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtCreateFile + 6 770A424A 4 Bytes [28, 00, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtCreateFile + B 770A424F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtMapViewOfSection + 6 770A499A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtMapViewOfSection + 6 770A499A 4 Bytes [28, 03, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtMapViewOfSection + B 770A499F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenFile + 6 770A4A2A 4 Bytes [68, 00, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenFile + B 770A4A2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenProcess + 6 770A4AAA 4 Bytes [A8, 01, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenProcess + B 770A4AAF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenProcessToken + 6 770A4ABA 4 Bytes CALL 760A8CC0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenProcessToken + B 770A4ABF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenProcessTokenEx + 6 770A4ACA 4 Bytes [A8, 02, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenProcessTokenEx + B 770A4ACF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenThread + 6 770A4B1A 4 Bytes [68, 01, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenThread + B 770A4B1F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenThreadToken + 6 770A4B2A 4 Bytes [68, 02, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenThreadToken + B 770A4B2F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenThreadTokenEx + 6 770A4B3A 4 Bytes CALL 760A8D41 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtOpenThreadTokenEx + B 770A4B3F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtQueryAttributesFile + 6 770A4BCA 4 Bytes [A8, 00, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtQueryAttributesFile + B 770A4BCF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtQueryFullAttributesFile + 6 770A4C7A 4 Bytes CALL 760A8E7F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtQueryFullAttributesFile + B 770A4C7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtSetInformationFile + 6 770A515A 4 Bytes [28, 01, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtSetInformationFile + B 770A515F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtSetInformationThread + 6 770A51AA 4 Bytes [28, 02, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtSetInformationThread + B 770A51AF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtUnmapViewOfSection + 6 770A544A 4 Bytes [68, 03, 42, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[8164] ntdll.dll!NtUnmapViewOfSection + B 770A544F 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2508] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3204] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3412] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3848] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6004] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6104] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6812] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[6864] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[7812] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[7916] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[7928] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Program Files\Google\Chrome\Application\chrome.exe[8164] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OES75O3Z\down[1] 748 bytes
File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OES75O3Z\ErrorPageTemplate[1] 2168 bytes
File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3SXCCPR\background_gradient[1] 453 bytes
File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3SXCCPR\bullet[1] 447 bytes
File C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W3SXCCPR\dnserrordiagoff_webOC[1] 6766 bytes

---- EOF - GMER 1.0.15 ----

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:50 AM

Posted 30 April 2012 - 05:58 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install,update and run a full scan

Click on SHOW results.Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 delandelan

delandelan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 30 April 2012 - 11:37 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 14:42:20
-----------------------------
14:42:20.445 OS Version: Windows 6.0.6002 Service Pack 2
14:42:20.445 Number of processors: 2 586 0xF0D
14:42:20.446 ComputerName: OWNER-PC UserName: Owner
14:42:38.918 Initialize success
14:44:36.518 AVAST engine defs: 12043000
14:54:01.458 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:54:01.463 Disk 0 Vendor: Hitachi_ BBDO Size: 190782MB BusType: 3
14:54:01.863 Disk 0 MBR read successfully
14:54:01.868 Disk 0 MBR scan
14:54:01.878 Disk 0 Windows VISTA default MBR code
14:54:02.009 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:54:02.148 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 183813 MB offset 3074048
14:54:02.231 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 5468 MB offset 379523072
14:54:02.591 Disk 0 scanning sectors +390721536
14:54:03.580 Disk 0 scanning C:\Windows\system32\drivers
14:57:00.697 Service scanning
14:57:34.171 Modules scanning
15:01:54.655 Disk 0 trace - called modules:
15:01:54.798 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
15:01:54.808 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865536a0]
15:01:54.821 3 CLASSPNP.SYS[8870a8b3] -> nt!IofCallDriver -> [0x85408710]
15:01:54.833 5 acpi.sys[82c9b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85412030]
15:01:56.169 AVAST engine scan C:\Windows
15:04:54.119 AVAST engine scan C:\Windows\system32
15:42:40.272 AVAST engine scan C:\Windows\system32\drivers
15:47:18.588 AVAST engine scan C:\Users\Owner
19:01:53.848 AVAST engine scan C:\ProgramData
19:24:43.212 Scan finished successfully
00:35:45.921 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
00:35:45.934 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:50 AM

Posted 01 May 2012 - 09:02 AM

Waiting for other logs :thumbup2:

#9 delandelan

delandelan
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 01 May 2012 - 11:02 AM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

01/05/2012 12:54:20 AM
mbam-log-2012-05-01 (00-54-20).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 378729
Time elapsed: 3 hour(s), 32 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users